Sign in Registration

Drupalgeddon 2 and Drupalgeddon 3, extremely dangerous vulnerabilities


At the end of March 2018, many web developers received a notification informing them of critical vulnerabilities found in Drupal. These vulnerabilities allow attackers to completely take over a website in minutes.

All sites on Drupal up to 7.58 were attacked first, and then sites on versions up to 7.59 . As for version 8, Drupal versions before 8.5.3 and 8.4.8 turned out to be unsafe. How was this vulnerability fixed in the new versions? Quite simply, a sanitizer function has been added that removes all potentially dangerous code.

Drupalgeddon 3 appeared almost immediately after Drupalgeddon 2. This is due to the fact that the vulnerability in the system was not immediately fixed. Therefore, some people share vulnerabilities in this way. What does Geddon mean? This word translates as a hive, and indeed the whole essence of the vulnerability lies in the fact that you can send data via ajax, which contains dangerous code. This code is not verified in any way and can be immediately executed. This kind of injection into the system.

It is quite easy to notice that your site on Drupal has been hacked . For example, new files and folders have appeared in the directories on the hosting of your sites, and the event log contains notifications with errors, which include addresses like:? Q = user / password & name [% 23post_render] [] = "+ phpfunction +" & name [% 23type] = markup & name [% 23markup] = "+ =" form_id = user_pass & _triggering_element_name = name.

The vast majority of site owners on Drupal were instantly updated to new versions, but now you can still find sites that are still on older versions of this CMS. This means that they can be hacked at any time. Updating Drupal is not such a difficult task, you just need to do a few Sequential Steps . As a last resort, you can independently install a patch for old versions, or if you do not know how to install a patch for Drupal - then you can manually add the missing code from the new versions to the existing files of your Drupal site.

It so happened that the vulnerability was not completely eliminated immediately, so we had to release new versions twice, first Drupal 7.58 - in which, as it turned out later, the vulnerability was partially fixed, then Drupal 7.59 - in which the vulnerability was completely eliminated. Also for version 8 of this CMS. Therefore, if you have updated to intermediate versions, you will have to update again, otherwise the hacks will be repeated. Drupal exploits for Drupalgeddon 2 and Drupalgeddon 3 can be found online that anyone can use.

Thus, vulnerabilities are extremely dangerous, if your site has not yet been updated - do it as soon as possible.

Comments (0)
For commenting sign in or register.

Latest articles

Popular sections

Eqsash (Tools)

Android app - VK LAST USER ID, отучитель от зависимости и т.д.:
Available on Google Play

Amessage (Communication)

Login to the web version
Android app:
Available on Google Play

Share this

Subscribe to



IT notes - In simple language about the most necessary things (HTML, CSS, JavaScript, PHP, databases, Drupal, Bitrix, SEO, domains, security and more), PDF, 500 p.